Managed detection and response (MDR) assumes that attacks are always in progress. A team of highly skilled investigators and their analytical tools proactively hunt for unseen threats in real time. MDR services in any organisation maximise the likelihood of exposing attacks, so the necessary action can be taken to reduce any damage done.
With the volume of network traffic companies now handle, defending the network has become a real concern. Breaches can go unnoticed or, worse, be embarrassingly identified by a third party. Companies then have to apologise and/or face hefty fines for data breaches, not to mention the damage an incident like this can do to a company’s reputation.
MDR services therefore came about to meet the needs of organisations that lack the resources to understand the risks, identify the threats and then respond to them.
While different companies detect and respond to threats in their own way, MDR services mostly share the following characteristics:
- MDR services focus on threat detection over compliance.
- MDR services use the service provider’s own set of technologies, but these are deployed on the company’s premises. The provider is responsible for managing the tools. The tools used may vary, but they are there to guard systems and detect the threats that have slipped past the traditional perimeter security tools.
- MDR services make use of people to monitor the network and analyse security events. This makes the service more personable, adding human analysis to complex incidents.
- MDR services also respond to incidents remotely.
As its title suggests, managed detection and response is about exactly that:
- A set of updated and refined detectors, identifying suspicious activities across your environment – DETECT.
- Professional response engineers providing detailed response actions when alerted to a possible threat – RESPONSE.
- MDR services are able to distinguish between actionable alerts and false positives, ensuring that important alerts aren’t overlooked – MITIGATE.
- Investigate alerts using detailed logs from various sources. Investigations that usually take days are reduced to minutes – REAL-TIME.